A paradigm for user-defined security policies

One of today´s major challenges in computer security is the ever-increasing multitude of individual, application-specific security requirements. As a positive consequence, a wide variety of security policies has been developed, each policy reflecting the specific needs of individual applications. As a negative consequence, the integration of the multitude of policies into today´s system platforms made the limitations of traditional architectural foundations of secure computer systems quite obvious. Many of the traditional architectural foundations originally aimed at supporting only a single access control policy within a single trusted system environment. This paper discusses a new paradigm to support user-defined security policies in a distributed multi-policy system. The paradigm preserves the successful properties of the traditional architectural foundations while additionally providing strong concepts for user-defined security policies. Among these concepts are policy separation, encapsulation, persistency, cooperation, and reusability. We illustrate the application of our approach in a DCE environment